Message-ID: <20220407094023.GA13500@xsang-OptiPlex-9020>
Date:   Thu, 7 Apr 2022 17:40:23 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Christian Brauner <brauner@...nel.org>
Cc:     Ammar Faizi <ammarfaizi2@...weeb.org>, lkp@...ts.01.org,
        lkp@...el.com, guobing.chen@...el.com, ming.a.chen@...el.com,
        frank.du@...el.com, Shuhua.Fan@...el.com, wangyang.guo@...el.com,
        Wenhuan.Huang@...el.com, jessica.ji@...el.com, shan.kang@...el.com,
        guangli.li@...el.com, tiejun.li@...el.com, yu.ma@...el.com,
        dapeng1.mi@...el.com, jiebin.sun@...el.com, gengxin.xie@...el.com,
        fan.zhao@...el.com, LKML <linux-kernel@...r.kernel.org>
Subject: [ovl]  30f9ef9479: BUG:kernel_NULL_pointer_dereference,address



Greetings,

FYI, we noticed the following commit (built with gcc-11):

commit: 30f9ef94795008e5146f69d2eb043922a512bf85 ("ovl: support idmapped layers")
https://github.com/ammarfaizi2/linux-block brauner/linux/fs.idmapped.overlayfs.v3

in testcase: phoronix-test-suite
version: 
with following parameters:

	need_x: true
	test: nexuiz-1.6.1
	option_a: 1024 x 768
	option_b: No
	option_c: Off
	cpufreq_governor: performance
	ucode: 0xec

test-description: The Phoronix Test Suite is the most comprehensive testing and benchmarking platform available that provides an extensible framework for which new tests can be easily added.
test-url: http://www.phoronix-test-suite.com/


on test machine: 12 threads 1 sockets Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz with 32G memory

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>


[   23.631915][  T473] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   23.639505][  T473] #PF: supervisor read access in kernel mode
[   23.645281][  T473] #PF: error_code(0x0000) - not-present page
[   23.651058][  T473] PGD 0 P4D 0
[   23.654261][  T473] Oops: 0000 [#1] SMP PTI
[   23.658413][  T473] CPU: 10 PID: 473 Comm: systemd-journal Not tainted 5.17.0-00019-g30f9ef947950 #1
[   23.667470][  T473] Hardware name: Dell Inc. OptiPlex 7060/0C96W1, BIOS 1.4.2 06/11/2019
[ 23.675492][ T473] RIP: 0010:ovl_set_upper_acl (fs/overlayfs/ovl_entry.h:90 fs/overlayfs/ovl_entry.h:95 fs/overlayfs/overlayfs.h:254 fs/overlayfs/dir.c:457) overlay
[ 23.681809][ T473] Code: c5 48 85 c0 0f 84 9e 00 00 00 4c 89 e6 4c 89 f9 48 89 c2 48 c7 c7 80 8f 84 82 e8 1a d4 2b c1 41 89 c4 85 c0 78 27 48 8b 43 08 <48> 8b 00 48 8b 78 18 41 b9 01 00 00 00 4d 89 f8 48 89 e9 4c 89 f2
All code
========
   0:	c5 48 85             	(bad)  
   3:	c0 0f 84             	rorb   $0x84,(%rdi)
   6:	9e                   	sahf   
   7:	00 00                	add    %al,(%rax)
   9:	00 4c 89 e6          	add    %cl,-0x1a(%rcx,%rcx,4)
   d:	4c 89 f9             	mov    %r15,%rcx
  10:	48 89 c2             	mov    %rax,%rdx
  13:	48 c7 c7 80 8f 84 82 	mov    $0xffffffff82848f80,%rdi
  1a:	e8 1a d4 2b c1       	callq  0xffffffffc12bd439
  1f:	41 89 c4             	mov    %eax,%r12d
  22:	85 c0                	test   %eax,%eax
  24:	78 27                	js     0x4d
  26:	48 8b 43 08          	mov    0x8(%rbx),%rax
  2a:*	48 8b 00             	mov    (%rax),%rax		<-- trapping instruction
  2d:	48 8b 78 18          	mov    0x18(%rax),%rdi
  31:	41 b9 01 00 00 00    	mov    $0x1,%r9d
  37:	4d 89 f8             	mov    %r15,%r8
  3a:	48 89 e9             	mov    %rbp,%rcx
  3d:	4c 89 f2             	mov    %r14,%rdx

Code starting with the faulting instruction
===========================================
   0:	48 8b 00             	mov    (%rax),%rax
   3:	48 8b 78 18          	mov    0x18(%rax),%rdi
   7:	41 b9 01 00 00 00    	mov    $0x1,%r9d
   d:	4d 89 f8             	mov    %r15,%r8
  10:	48 89 e9             	mov    %rbp,%rcx
  13:	4c 89 f2             	mov    %r14,%rdx
[   23.701076][  T473] RSP: 0018:ffffc900005f7ae8 EFLAGS: 00010202
[   23.706941][  T473] RAX: 0000000000000000 RBX: ffff888879bc5780 RCX: ffff88816a92703c
[   23.714692][  T473] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: ffffffff82848fc8
[   23.722444][  T473] RBP: ffff88811a976a40 R08: 0000000000000000 R09: ffff888102b95330
[   23.730199][  T473] R10: ffff888102188d80 R11: ffff888102188480 R12: 000000000000002c
[   23.737950][  T473] R13: ffff888102188d80 R14: ffffffffc0180407 R15: 000000000000002c
[   23.745705][  T473] FS:  00007fc8b516d980(0000) GS:ffff888854080000(0000) knlGS:0000000000000000
[   23.754406][  T473] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.760782][  T473] CR2: 0000000000000000 CR3: 000000087b3f2001 CR4: 00000000003706e0
[   23.768536][  T473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.776290][  T473] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.784044][  T473] Call Trace:
[   23.787162][  T473]  <TASK>
[ 23.789936][ T473] ovl_create_over_whiteout (fs/overlayfs/dir.c:526) overlay
[ 23.796167][ T473] ? security_prepare_creds (security/security.c:1700 (discriminator 13)) 
[ 23.801348][ T473] ovl_create_or_link (fs/overlayfs/dir.c:620) overlay
[ 23.806969][ T473] ? new_inode (fs/inode.c:1051) 
[ 23.811029][ T473] ovl_create_object (fs/overlayfs/dir.c:651) overlay
[ 23.816554][ T473] lookup_open+0x552/0x6c0 
[ 23.821387][ T473] open_last_lookups (fs/namei.c:3451) 
[ 23.826136][ T473] ? path_init (fs/namei.c:2411) 
[ 23.830366][ T473] path_openat (fs/namei.c:3655 (discriminator 1)) 
[ 23.834513][ T473] ? ovl_getattr (fs/overlayfs/inode.c:277) overlay
[ 23.839692][ T473] do_filp_open (fs/namei.c:3685) 
[ 23.843934][ T473] ? __virt_addr_valid (arch/x86/mm/physaddr.c:65) 
[ 23.848699][ T473] ? __check_object_size (mm/memremap.c:153) 
[ 23.854396][ T473] do_sys_openat2 (fs/open.c:1214) 
[ 23.858798][ T473] __x64_sys_openat (fs/open.c:1241) 
[ 23.863287][ T473] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 23.867526][ T473] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:113) 
[   23.873236][  T473] RIP: 0033:0x7fc8b67d92c7
[ 23.877469][ T473] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
All code
========
   0:	25 00 00 41 00       	and    $0x410000,%eax
   5:	3d 00 00 41 00       	cmp    $0x410000,%eax
   a:	74 47                	je     0x53
   c:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  13:	00 
  14:	85 c0                	test   %eax,%eax
  16:	75 6b                	jne    0x83
  18:	44 89 e2             	mov    %r12d,%edx
  1b:	48 89 ee             	mov    %rbp,%rsi
  1e:	bf 9c ff ff ff       	mov    $0xffffff9c,%edi
  23:	b8 01 01 00 00       	mov    $0x101,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	0f 87 95 00 00 00    	ja     0xcb
  36:	48 8b 4c 24 28       	mov    0x28(%rsp),%rcx
  3b:	64                   	fs
  3c:	48                   	rex.W
  3d:	33                   	.byte 0x33
  3e:	0c 25                	or     $0x25,%al

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	0f 87 95 00 00 00    	ja     0xa1
   c:	48 8b 4c 24 28       	mov    0x28(%rsp),%rcx
  11:	64                   	fs
  12:	48                   	rex.W
  13:	33                   	.byte 0x33
  14:	0c 25                	or     $0x25,%al
[   23.896740][  T473] RSP: 002b:00007ffd58ddcfa0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   23.904934][  T473] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc8b67d92c7
[   23.912698][  T473] RDX: 0000000000080842 RSI: 000055aa55019ee0 RDI: 00000000ffffff9c
[   23.920466][  T473] RBP: 000055aa55019ee0 R08: 000055aa550129c8 R09: ffffffffffffffff
[   23.928223][  T473] R10: 00000000000001a0 R11: 0000000000000246 R12: 0000000000080842
[   23.935977][  T473] R13: 000055aa55018890 R14: 000055aa55011d50 R15: 0000000000000200
[   23.943734][  T473]  </TASK>
[   23.946591][  T473] Modules linked in: acpi_cpufreq(-) sg ip_tables overlay rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver btrfs blake2b_generic xor raid6_pq zstd_compress libcrc32c sd_mod t10_pi intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel i915 kvm intel_gtt irqbypass ttm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel mei_wdt intel_wmi_thunderbolt wmi_bmof drm_kms_helper ahci rapl libahci syscopyarea intel_cstate sysfillrect sysimgblt intel_uncore fb_sys_fops libata mei_me i2c_designware_platform drm mei i2c_designware_core idma64 intel_pch_thermal wmi video intel_pmc_core acpi_pad
[   24.002894][  T473] CR2: 0000000000000000
[   24.006878][  T473] ---[ end trace 0000000000000000 ]---
[ 24.012139][ T473] RIP: 0010:ovl_set_upper_acl (fs/overlayfs/ovl_entry.h:90 fs/overlayfs/ovl_entry.h:95 fs/overlayfs/overlayfs.h:254 fs/overlayfs/dir.c:457) overlay
[ 24.018447][ T473] Code: c5 48 85 c0 0f 84 9e 00 00 00 4c 89 e6 4c 89 f9 48 89 c2 48 c7 c7 80 8f 84 82 e8 1a d4 2b c1 41 89 c4 85 c0 78 27 48 8b 43 08 <48> 8b 00 48 8b 78 18 41 b9 01 00 00 00 4d 89 f8 48 89 e9 4c 89 f2
All code
========
   0:	c5 48 85             	(bad)  
   3:	c0 0f 84             	rorb   $0x84,(%rdi)
   6:	9e                   	sahf   
   7:	00 00                	add    %al,(%rax)
   9:	00 4c 89 e6          	add    %cl,-0x1a(%rcx,%rcx,4)
   d:	4c 89 f9             	mov    %r15,%rcx
  10:	48 89 c2             	mov    %rax,%rdx
  13:	48 c7 c7 80 8f 84 82 	mov    $0xffffffff82848f80,%rdi
  1a:	e8 1a d4 2b c1       	callq  0xffffffffc12bd439
  1f:	41 89 c4             	mov    %eax,%r12d
  22:	85 c0                	test   %eax,%eax
  24:	78 27                	js     0x4d
  26:	48 8b 43 08          	mov    0x8(%rbx),%rax
  2a:*	48 8b 00             	mov    (%rax),%rax		<-- trapping instruction
  2d:	48 8b 78 18          	mov    0x18(%rax),%rdi
  31:	41 b9 01 00 00 00    	mov    $0x1,%r9d
  37:	4d 89 f8             	mov    %r15,%r8
  3a:	48 89 e9             	mov    %rbp,%rcx
  3d:	4c 89 f2             	mov    %r14,%rdx

Code starting with the faulting instruction
===========================================
   0:	48 8b 00             	mov    (%rax),%rax
   3:	48 8b 78 18          	mov    0x18(%rax),%rdi
   7:	41 b9 01 00 00 00    	mov    $0x1,%r9d
   d:	4d 89 f8             	mov    %r15,%r8
  10:	48 89 e9             	mov    %rbp,%rcx
  13:	4c 89 f2             	mov    %r14,%rdx


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.17.0-00019-g30f9ef947950" of type "text/plain" (162610 bytes)

View attachment "job-script" of type "text/plain" (7442 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (20440 bytes)

View attachment "job.yaml" of type "text/plain" (4650 bytes)
